Sicherheitslücke Standards
parent
a2555511cd
commit
848bd524e8
|
|
@ -61,8 +61,11 @@
|
||||||
{% for s in task.standards %}
|
{% for s in task.standards %}
|
||||||
<!-- VISIBLE GROUPCHECK -->
|
<!-- VISIBLE GROUPCHECK -->
|
||||||
{% setbool False %}
|
{% setbool False %}
|
||||||
|
|
||||||
{% for ag in s.visibleby.all %}
|
{% for ag in s.visibleby.all %}
|
||||||
|
|
||||||
{% if request.user|has_group:ag.group.name %}
|
{% if request.user|has_group:ag.group.name %}
|
||||||
|
|
||||||
{% setbool True %}
|
{% setbool True %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
|
||||||
|
|
@ -274,6 +274,26 @@ def StandardAdd(request, id=False):
|
||||||
standard = Standards.objects.get(pk=id, agency=request.user.profile.agency)
|
standard = Standards.objects.get(pk=id, agency=request.user.profile.agency)
|
||||||
# SAVE UPDATED STANDARD
|
# SAVE UPDATED STANDARD
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# CHECK IF USER HAS RIGHTS TO SEE THIS DIR
|
||||||
|
groupsofstandard = standard
|
||||||
|
|
||||||
|
userisingroup = False
|
||||||
|
|
||||||
|
if len(groupsofstandard.visibleby.all()) == 0:
|
||||||
|
userisingroup = True
|
||||||
|
else:
|
||||||
|
for ag in groupsofstandard.visibleby.all():
|
||||||
|
|
||||||
|
if ag.group in request.user.groups.all():
|
||||||
|
userisingroup = True
|
||||||
|
|
||||||
|
if userisingroup:
|
||||||
|
|
||||||
normalForm = StandardUpdateStandard(request.POST, instance=standard)
|
normalForm = StandardUpdateStandard(request.POST, instance=standard)
|
||||||
editorForm = StandardUpdateStandardEditor(request.POST, instance=standard)
|
editorForm = StandardUpdateStandardEditor(request.POST, instance=standard)
|
||||||
|
|
||||||
|
|
@ -482,6 +502,28 @@ def StandardAdd(request, id=False):
|
||||||
return redirect('/standards')
|
return redirect('/standards')
|
||||||
# SHOW EXISTING STANDARD
|
# SHOW EXISTING STANDARD
|
||||||
else:
|
else:
|
||||||
|
|
||||||
|
|
||||||
|
# CHECK IF USER HAS RIGHTS TO SEE THIS DIR
|
||||||
|
groupsofstandard = standard
|
||||||
|
|
||||||
|
userisingroup = False
|
||||||
|
|
||||||
|
if len(groupsofstandard.visibleby.all()) == 0:
|
||||||
|
userisingroup = True
|
||||||
|
else:
|
||||||
|
for ag in groupsofstandard.visibleby.all():
|
||||||
|
|
||||||
|
if ag.group in request.user.groups.all():
|
||||||
|
userisingroup = True
|
||||||
|
|
||||||
|
if userisingroup:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
normalForm = StandardUpdateStandard(instance=standard)
|
normalForm = StandardUpdateStandard(instance=standard)
|
||||||
editorForm = StandardUpdateStandardEditor(instance=standard)
|
editorForm = StandardUpdateStandardEditor(instance=standard)
|
||||||
# GET ALL DATAS FROM STANDARD
|
# GET ALL DATAS FROM STANDARD
|
||||||
|
|
@ -616,6 +658,11 @@ def StandardAdd(request, id=False):
|
||||||
'aggroups' : AgencyGroup.objects.filter(agency=request.user.profile.agency)
|
'aggroups' : AgencyGroup.objects.filter(agency=request.user.profile.agency)
|
||||||
}
|
}
|
||||||
return render(request, 'standards/standards_add.html', context)
|
return render(request, 'standards/standards_add.html', context)
|
||||||
|
else:
|
||||||
|
context = {
|
||||||
|
'active_link':'standards'
|
||||||
|
}
|
||||||
|
return render(request, 'standards/standards_noentrie.html', context)
|
||||||
|
|
||||||
|
|
||||||
'''
|
'''
|
||||||
|
|
@ -713,6 +760,7 @@ def StandardSingle(request, pk):
|
||||||
userisingroup = True
|
userisingroup = True
|
||||||
else:
|
else:
|
||||||
for ag in groupsofstandard.visibleby.all():
|
for ag in groupsofstandard.visibleby.all():
|
||||||
|
|
||||||
if ag.group in request.user.groups.all():
|
if ag.group in request.user.groups.all():
|
||||||
userisingroup = True
|
userisingroup = True
|
||||||
|
|
||||||
|
|
|
||||||
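Review bot: In the POST branch of `StandardAdd`, the new `if userisingroup:` seems to have no matching `else`. Going by the hunk offsets, the only `else` added in this function is the one after the `standards_add.html` render, so a denied POST appears to get no explicit response; this is hedged because the page drops indentation and the lines between hunks are not shown. Returning the same `standards_noentrie.html` page (or a 403) before any form is bound would close that path. The visibility check is also copied three times (POST, GET and `StandardSingle`), so one helper would stop the copies drifting apart; the sketch below assumes `group` is a foreign key on the `visibleby` model, as `ag.group` suggests. An empty `visibleby` granting access to the whole agency is a fail-open default and deserves a comment saying it is intended.

```python
def user_can_see_standard(user, standard):
    # An empty visibleby set means "no restriction inside the agency".
    restricted_to = standard.visibleby.all()
    if not restricted_to.exists():
        return True
    return restricted_to.filter(group__in=user.groups.all()).exists()

# … unchanged: Standards.objects.get(pk=id, agency=...) lookup …
if request.method == 'POST':
    if not user_can_see_standard(request.user, standard):
        return render(request, 'standards/standards_noentrie.html',
                      {'active_link': 'standards'})
    # … unchanged: form binding, save and redirect …
```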